If after executing the command the homepage of the google shows up then then the website is vulnerable to this attack

if it does not come up then you should look for a new target. In my case after executing the above command in the address bar Google homepage shows up

indicating that the website is vulnerable to this attack. Now the hacker would upload the shells to gain access. The most common shells used are c99 shell or r57 shell. I would use c99 shell. You can download c99 shell from the link below:http://www.sh3ll.org/c99.zip

Don't Forget To add ―?‖ after .txt at the end of url or else the shell will not execute. Now the hacker is inside the website and he could do anything with it he can upload deface pages... etc to pwned the site .